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Amendment to the Claims 

Listing of Claims: 

1. (Previously presented) A method for maintaining privacy for transactions comprising 
employing a user device having a security module with a privacy certification authority 
computers and a verification computer, the verification computer having obtained public keys 
from the privacy certification authority computer and from an issuer that provides attestation of 
the security module, the method further comprising the steps of: receiving a first and second set 
of attestation-signature values, the first set of attestation-signature values being generated by the 
user device using first attestation values obtained from the issuer and the second set of 
attestation-signature values being generated by the user device using second attestation values 
obtained from the privacy certification authority computer; checking the validity of the first set 
of attestation-signature values with the public key of the issuer; checking the validity of the 
second set of attestation-signature values with the public key of the privacy certification 
authority computer ;and verifying whether or not the first and second sets of attestation-signature 
values relate to the user device. 

2. (Previously presented) The method according to claim 1, wherein the step of verifying 
comprises the step of: verifying that a first value is derived from a base value, comprised in the 
first set of attestation-signature values, and identical to a second value that is derived from said 
base value and is comprised in the second set of attestation-signature values 1 . 

3. (Previously presented) The method according to claim 1, wherein the step of verifying 
comprises the step of: verifying a proof that the first and second attestation-signature values are 
based on the first and second attestation values that are derived from at least one common value 
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4. (Original) The method according to claim 2, wherein the base value is different each time the 
method is applied. 

5. (Previously presented) The method according to claim 3, wherein the common value is 
derived from an endorsement key that is related to the security module. 

6. (Withdrawn) A method for maintaining privacy for transactions comprising employing a user 
device having a security module with a privacy certification authority computer and a 
verification computer, the privacy certification authority computer having obtained a public key 
from an issuer that provides attestation of the security module; the method further comprising the 
steps of: receiving an initial set of attestation-signature values (DAAl') from the user device, the 
initial set of attestation- signature values (DAAl') being generated by the user device using first 
attestation values obtained from the issuers; checking the validity of the initial set of attestation- 
signature values with the public key of the issuer; responsive to the checking step issuing second 
attestation values that relate to the initial set of attestation-signature values (DAAl'); and 
providing the second attestation values to the user device, a second set of attestation-signature 
values being derivable from the second attestation values, wherein it is verifiable that a first set 
of attestation-signature values and the second set of attestation-signature values relate to the user 
device, the first set of attestation-signature values is generatable by the user device using first 
attestation values obtained from the issuers. 

7. (Withdrawn) The method according to claim 6, wherein the step of issuing the second 
attestation values further comprises the step of: receiving a request value from the user device 
and verifying whether the request value relates to the initial set of attestation- signature values. 

8. (Withdrawn) A method comprising maintaining privacy for transactions performable by a user 
device having a security module with a privacy certification authority computer and an 
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verification computer, the user device having obtained first attestation values from an issuer and 
second attestation values from the privacy certification authority computer, the method step of 
maintaining comprising the steps of: generating a first set of attestation- signature values by using 
the first attestation values and a second set of attestation-signature values by using the second 
attestation values ;and sending the first and second set of attestation-signature values to the 
verification computer, wherein the verification computer is able to check the validity of the first 
set of attestation-signature values with an issuer public key (PK.sub.I) of the issuer, the validity 
of the second set of attestation-signature values with an authority public key (PK.sub.PCA) of 
the privacy certification authority computer and to verify that the first and second sets of 
attestation-signature value relate to the user device. 

9. (Withdrawn) The method according to claim 8, wherein the step of generating comprises using 
an endorsement key that is related to the security module. 

10. (Previously presented) A computer program element comprising program code means for 
performing the method of claim 1 when said program is run on a computer. 

1 1 . (Previously presented) A computer program product stored on a computer usable medium, 
comprising computer readable program means for causing a computer to perform the method 
according to claim 1 . 

12. (Withdrawn) A system for maintaining privacy while computers performing transactions 
comprising: an issuers providing an issuer public key (PKi); a user device having a security 
module for generating a first set of attestation-signature values; a privacy certification authority 
computer for providing an authority public key (PK P ca) and issuing second attestation values; 
and a verification computer for checking the validity of the first set of attestation-signature 
values with the issuer public key (PKi)and the validity of a second set of attestation-signature 
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values with the authority public key (PKpca), the second set of attestation-signature values being 
derivable by the user device from the second attestation values, wherein it is verifiable that the 
first and second sets of attestation-signature values relate to the user device. 

13. (Withdrawn) An article of manufacture comprising a computer usable medium having 
computer readable program code means embodied therein for causing maintenance of privacy for 
transactions, the computer readable program code means in said article of manufacture 
comprising computer readable program code means for causing a computer to effect the steps of 
claim 6. 

14. (Withdrawn) A program storage device readable by machine, tangibly embodying a program 
of instructions executable by the machine to perform method steps for maintaining privacy for 
transactions, said method steps comprising the steps of claim 6. 

15. (Withdrawn) An article of manufacture comprising a computer usable medium having 
computer readable program code means embodied therein for causing maintenance of privacy for 
transactions, the computer readable program code means in said article of manufacture 
comprising computer readable program code means for causing a computer to effect the steps of 
claim 8. 

16. (Withdrawn) A program storage device readable by machine, tangibly embodying a program 
of instructions executable by the machine to perform method steps for maintaining privacy for 
transactions, said method steps comprising the steps of claim 8. 

17. (Withdrawn) A computer program product comprising a computer usable medium having 
computer readable program code means embodied therein for causing maintenance of privacy for 
transactions, the computer readable program code means in said computer program product 
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comprising computer readable program code means for causing a computer to effect the 
functions of claim 12. 

18. (Previously presented) The method according to claim 1, wherein the step of verifying 
comprises verifying that a first value is derived from a base value, comprised in the first set of 
attestation-signature values, and identical to a second value that is derived from said base value 
and is comprised in the second set of attestation-signature values; wherein the step of verifying 
comprises verifying a proof that the first and second attestation-signature values are based on the 
first and second attestation values that are derived from at least one common value; wherein the 
base value is different each time the method is applied; and wherein the common value is derived 
from an endorsement key that is related to the security module. 

19. (Previously presented) An article of manufacture comprising a computer usable medium 
having computer readable program code means embodied therein for causing maintenance of 
privacy for transactions, the computer readable program code means in said article of 
manufacture comprising computer readable program code means for causing a computer to effect 
the steps of claim 18. 

20. (Previously presented) A program storage device readable by machine, tangibly embodying a 
program of instructions executable by the machine to perform method steps for maintaining 
privacy for transactions, said method steps comprising the steps of claim 18. 
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